Hackers used unpatched server to breach Debian

brk()ing and entering

Common Topics

A security alert issued by the Debian says that a known Linux kernel code vulnerability was used to break into the project's servers, bringing development builds to a halt.

An encrypted program (encrypted using the TESO BurnEye obfuscator) used an overflow in brk() which allowed the user process to get executable access to kernel space. It's a local exploit, which was only possible because a hacker used a stolen password, then escalated the privileges. All passwords on one of the development machines were invalidated.

"If you have or had access to a Debian machine and were using the same password on other machines you are strongly advised to change it as soon as possible. When the cleanup is done all passwords will be invalidated and accounts unlocked and people can request a new password through the email robot on db.debian.org," Debian advised on Friday.

Debian has yet to disclose the damage, if any, that the attacker caused to the source code tree.

The bug was patched in September, but not included in the 2.4.22 release. To the sound of galloping hooves disappearing into the distance, you can find out how to close the stable door here. ®